sarahw Posted September 28, 2008 Report Share Posted September 28, 2008 Hi,There is a serious problem with my computer.when I boot normally I get a strange background telling me my computer is infected. I can't open Task manager and there is no start button. A timer then pops up and tells me it will reboot because there is an error. I can access Safe Mode but there is still no start menu.Logfile of HijackThis v1.99.1Scan saved at 9:00:52 AM, on 29/09/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\MSN Messenger\Device Manager\Loc\1774\Setup2.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Hijackthis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingF2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exeO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dllO4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /minO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Family Computer\Desktop\New Folder\install_sbd_en.exeO4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exeO4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exeO4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exeO4 - HKLM\..\Run: [system] C:\WINDOWS\system32\wind32.exeO4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exeO4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /autoO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dllO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dllO11 - Options group: [iNTERNATIONAL] International*O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.datO21 - SSODL: nopzet - {60DCAB51-486C-43FB-B9B8-01C482802676} - C:\WINDOWS\nopzet.dllO21 - SSODL: leorop - {A90E3E41-6AF8-4951-AE47-F14237589566} - C:\WINDOWS\leorop.dllO21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe Quote Link to post Share on other sites
cdavfrew Posted September 29, 2008 Report Share Posted September 29, 2008 I'm guessing that you're my test person. Hi Hi sarahwThanks for running HijackThis. However, before we can proceed, I will need you to run HijackThis again with the following instructions for an updated and renamed HijackThis.Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file.Rename HijackThis(.exe) to scanner(.exe).Next, run scanner(.exe). A window will pop up.• Click on the button which says Main Menu, then Do a system scan and save a logfile.• Please wait for the scan to be completed.• After the scan has completed, a text window will pop up. Please post the contents of this window here. This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved.NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer.Best Regards Quote Link to post Share on other sites
sarahw Posted September 29, 2008 Author Report Share Posted September 29, 2008 Ok, I did that.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:13:10 PM, on 29/09/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\taskmgr.exeC:\Program Files\MSN Messenger\Device Manager\Loc\1774\Setup2.exeC:\Documents and Settings\Administrator\Desktop\scanner.exeC:\WINDOWS\system32\wbem\wmiprvse.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missingF2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exeO2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPLO2 - BHO: (no name) - {C1414B47-C261-4695-B157-3867F6649E93} - C:\WINDOWS\system32\geBtTMec.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dllO4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /minO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [sBI] C:\Documents and Settings\Family Computer\Desktop\New Folder\install_sbd_en.exeO4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exeO4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exeO4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exeO4 - HKLM\..\Run: [system] C:\WINDOWS\system32\wind32.exeO4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exeO4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /autoO4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitorO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dllO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.datO20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dllO21 - SSODL: nopzet - {60DCAB51-486C-43FB-B9B8-01C482802676} - C:\WINDOWS\nopzet.dllO21 - SSODL: leorop - {A90E3E41-6AF8-4951-AE47-F14237589566} - C:\WINDOWS\leorop.dllO21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPLO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe--End of file - 5549 bytes Quote Link to post Share on other sites
cdavfrew Posted September 29, 2008 Report Share Posted September 29, 2008 Hey SarahWNice collection of malware there. Let's clean it up.First, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.• Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. • Wait for the scan to be completed.• If it requires a reboot, please do it.• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)Do not click on the ComoboFix window, as it may cause it to stall.After that, follow the next set of instructions in the next post. Quote Link to post Share on other sites
cdavfrew Posted September 29, 2008 Report Share Posted September 29, 2008 (edited) Please run HijackThis.• Click on the button which says Main Menu, then Do a system scan only.• Please wait for the scan to be completed.• After the scan has completed, check the following entries only if they are still there. If they are not there, ignore them.R3 - Default URLSearchHook is missingF2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exeO2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPLO2 - BHO: (no name) - {C1414B47-C261-4695-B157-3867F6649E93} - C:\WINDOWS\system32\geBtTMec.dllO3 - Toolbar: The retnsrp - {941FB260-9D22-480E-84D6-10DB7849180E} - C:\WINDOWS\retnsrp.dllO4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exeO4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Family Computer\Desktop\New Folder\install_sbd_en.exeO4 - HKLM\..\Run: [WMDM PMSP Service] C:\WINDOWS\system32\cssrss.exeO4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exeO4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exeO4 - HKLM\..\Run: [System] C:\WINDOWS\system32\wind32.exeO4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exeO4 - HKLM\..\Run: [runwinlogon] C:\WINDOWS\winlogon.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /autoO4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitorO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.datO20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dllO21 - SSODL: nopzet - {60DCAB51-486C-43FB-B9B8-01C482802676} - C:\WINDOWS\nopzet.dllO21 - SSODL: leorop - {A90E3E41-6AF8-4951-AE47-F14237589566} - C:\WINDOWS\leorop.dllO21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPLClick on the button Fix checkedNOTE:: Close all browsers before fixing anything.Next, open Notepad. Type in the following:@echo off sc stop Schedulesc delete Scheduleexit Click on File > Save As.... In the File Name box, type in fix.bat In the Save as type box, select All Files from the drop-down list. Click Save and save it to your Desktop. Double click on fix.bat. A Command Prompt window will open and close quickly. That is normal. After that, reboot.What problems do you have left?Best Regards Edited September 29, 2008 by cdavfrew Quote Link to post Share on other sites
sarahw Posted September 30, 2008 Author Report Share Posted September 30, 2008 When I run Combo-Fix.exe it says:Setup2.exe - Application errorThe Aplication failed to initialize properly (0xc0000005). Click on OK to termiatre the application.I click on OK and explorer closes. I have to reopen explorer from Task Manager.I didn't do the next part yet. I'll wait to see what you say first. Quote Link to post Share on other sites
cdavfrew Posted September 30, 2008 Report Share Posted September 30, 2008 (edited) Hey sarahwThanks for the detailed report. Let's mix it up a little.Follow the instructions in my second post, reboot, and then run Combo-Fix.exe.Best Regards Edited September 30, 2008 by cdavfrew Quote Link to post Share on other sites
sarahw Posted September 30, 2008 Author Report Share Posted September 30, 2008 I had the same error when I tried to run combofix.I am using Safe Mode with networking to access the internet. I tried it in safe mode also. I still cannot access normal mode. It has a you are infected backgorund and the task manager is still disabled.I am getting a new error when the computer starts./idlist;1940:1504cc:\DocumentsWindows cannot find /idlist;1940:1504cc:\Documents. Make sure you typed it correctly, and then try again.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 8:44:26 PM, on 30/09/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: Safe modeRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\taskmgr.exeC:\WINDOWS\explorer.exeC:\Program Files\MSN Messenger\Device Manager\Loc\1774\Setup2.exeC:\Documents and Settings\Administrator\Desktop\scanner.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\Program Files\Internet Explorer\iexplore.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {3234566F-583F-4B78-8539-53452D383C9F} - C:\WINDOWS\system32\geBtTMec.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /minO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [f84b99dd] rundll32.exe "C:\WINDOWS\system32\phtwjddf.dll",bO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions presentO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dllO9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO20 - AppInit_DLLs: C:\WINDOWS\system32\__c00F20E0.datO20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dllO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe--End of file - 3990 bytes Quote Link to post Share on other sites
cdavfrew Posted September 30, 2008 Report Share Posted September 30, 2008 Hey sarahwDownload SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)• Open the extracted SDFix folder and double click RunThis.bat to start the script.• Type Y to begin the cleanup process.• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.• Press any Key and it will restart the PC.• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.• Once the desktop icons load, the SDFix report will open on screen and will also save into the SDFix folder as Report.txt(Report.txt will also be copied to Clipboard ready for posting back on the forum)• Finally paste the contents of the Report.txt here.Best Regards Quote Link to post Share on other sites
sarahw Posted September 30, 2008 Author Report Share Posted September 30, 2008 I got this error:cmd.exe - Application errorThe Application failed to initialize properly (0xc0000005). Click on OK to termiatre the application. then it would say:find.exe - Application errorThe Application failed to initialize properly (0xc0000005). Click on OK to termiatre the application.When I clicked OK it would jump from the first error to the second then back again about half a dozen times then it would quit. Quote Link to post Share on other sites
cdavfrew Posted September 30, 2008 Report Share Posted September 30, 2008 Hey sarahwBefore I can continue to more drastic measures, I will need more analysis. 1. Are you running as Administrator?2. Please download EXE File Association Fix, unzip the file, and run the .reg file. When a prompt pops up, click on Yes.After that, reboot, and try running Combo-Fix.exe again.Best Regards Quote Link to post Share on other sites
sarahw Posted September 30, 2008 Author Report Share Posted September 30, 2008 Hi,When the computer rebooted it went into normal mode.ComboFix 08-09-28.03 - Administrator 2008-09-30 23:19:37.9 - NTFSx86 NETWORKMicrosoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.857 [GMT -7:00]Running from: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\All Users.\documents\settings\config.iniC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.datC:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.datC:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnkC:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnkC:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnkC:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnkC:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnkC:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnkC:\Documents and Settings\Family Computer\Application Data\MANTEC~1C:\Documents and Settings\Family Computer\Application Data\MANTEC~1\??mantec\C:\Documents and Settings\Family Computer\Application Data\MANTEC~1\services.exeC:\Documents and Settings\Family Computer\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnkC:\Documents and Settings\Family Computer\Application Data\printer.exeC:\Documents and Settings\Family Computer\Application Data\rhc3ocj0en5tC:\Documents and Settings\Family Computer\ftpdll.dllC:\Documents and Settings\Family Computer\Local Settings\Application Data\cftmon.exeC:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\findfast.exeC:\Documents and Settings\LocalService\ftpdll.dllC:\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exeC:\Program Files\cowabangaC:\Program Files\cowabanga\Cowabanga.exeC:\Program Files\cowabanga\License.txtC:\Program Files\cowabanga\uninstaller.exeC:\Program Files\iSecurityC:\Program Files\MediaVideoCodecC:\Program Files\MediaVideoCodec\install.icoC:\Program Files\MSN Messenger\Device Manager\Loc\1774C:\Program Files\MSN Messenger\Device Manager\Loc\1774\acx.jogC:\Program Files\MSN Messenger\Device Manager\Loc\1774\msvbvm60.dllC:\Program Files\MSN Messenger\Device Manager\Loc\1774\mswinsck.ocxC:\Program Files\MSN Messenger\Device Manager\Loc\1774\pub.jogC:\Program Files\MSN Messenger\Device Manager\Loc\1774\Setup2.exeC:\Program Files\rhc3ocj0en5tC:\Program Files\snowball warsC:\Program Files\snowball wars\License.txtC:\Program Files\snowball wars\SnowballWars.exeC:\Program Files\snowball wars\uninstaller.exeC:\Program Files\tmp0.exeC:\Program Files\tmp1.exeC:\Program Files\tmp2.exeC:\Program Files\tmp3.exeC:\Program Files\yazzle sudokuC:\Program Files\yazzle sudoku\License.txtC:\Program Files\yazzle sudoku\Sudoku.exeC:\Program Files\yazzle sudoku\uninstaller.exeC:\Temp\sanR24C:\WINDOWS\9129837.exeC:\WINDOWS\blopenvsto.dllC:\WINDOWS\BMfb78aa41.txtC:\WINDOWS\BMfb78aa41.xmlC:\WINDOWS\dat.txtC:\WINDOWS\jokvip.exeC:\WINDOWS\leorop.dllC:\WINDOWS\new_drv.sysC:\WINDOWS\nopzet.dllC:\WINDOWS\pskt.iniC:\WINDOWS\retnsrp.dllC:\WINDOWS\search_res.txtC:\WINDOWS\shell.exeC:\WINDOWS\system32\__c00F20E0.datC:\WINDOWS\system32\awtqooOG.dllC:\WINDOWS\system32\bjgpiiab.dllC:\WINDOWS\system32\blphc7ocj0en5t.scrC:\WINDOWS\system32\cdjpdihq.dllC:\WINDOWS\system32\ceMTtBeg.iniC:\WINDOWS\system32\ceMTtBeg.ini2C:\WINDOWS\system32\cjpniv.dllC:\WINDOWS\system32\cssrss.exeC:\WINDOWS\system32\drivers\b7a36ed3.sysC:\WINDOWS\system32\drivers\Ecfn48.sysC:\WINDOWS\system32\drivers\qandr.sysC:\WINDOWS\system32\drivers\spools.exeC:\WINDOWS\system32\fddjwthp.iniC:\WINDOWS\system32\ftpdll.dllC:\WINDOWS\system32\geBtTMec.dllC:\WINDOWS\system32\ivyjjoiq.dllC:\WINDOWS\system32\ixidrheu.dllC:\WINDOWS\system32\jarplatb.dllC:\WINDOWS\system32\jugqevxg.dllC:\WINDOWS\system32\lekifewh.dllC:\WINDOWS\system32\lphc7ocj0en5t.exeC:\WINDOWS\system32\marwin32.dllC:\WINDOWS\system32\MSINET.ocaC:\WINDOWS\system32\nyqupthp.dllC:\WINDOWS\system32\opeinkgy.dllC:\WINDOWS\system32\pac.txtC:\WINDOWS\system32\phc7ocj0en5t.bmpC:\WINDOWS\system32\phtwjddf.dllC:\WINDOWS\system32\pphc7ocj0en5t.exeC:\WINDOWS\system32\printer.exeC:\WINDOWS\system32\qiojjyvi.iniC:\WINDOWS\system32\rxVNF6.syzC:\WINDOWS\system32\sdgrhuwu.dllC:\WINDOWS\system32\sft.resC:\WINDOWS\system32\spoolvs.exeC:\WINDOWS\system32\taskkill.exeC:\WINDOWS\system32\tasklist.exeC:\WINDOWS\system32\usgfbxrx.dllC:\WINDOWS\system32\vuhnsuof.dllC:\WINDOWS\system32\wind32.exeC:\WINDOWS\system32\wowfx.dllC:\WINDOWS\system32\xtdxqhoc.dllC:\WINDOWS\winlogon.exeC:\Documents and Settings\All Users.\documents\settings . . . . failed to deleteC:\Documents and Settings\All Users.\documents\settings\partnership.dll . . . . failed to delete----- BITS: Possible infected sites -----hxxp://flycodecs.com.((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_ECFN48-------\Legacy_new_drv-------\Service_Ecfn48-------\Service_new_drv((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 ))))))))))))))))))))))))))))))).2008-09-30 21:02 . 2008-09-30 01:28 <DIR> d-------- C:\SDFix2008-09-29 08:25 . 2008-09-29 08:25 7,680 --a------ C:\mmhkj.exe2008-09-29 08:25 . 2008-09-29 08:25 29 --a------ C:\WINDOWS\system32\teytgohg.tmp2008-09-29 08:25 . 2008-09-29 08:25 0 --a------ C:\AF.tmp2008-09-29 08:25 . 2008-09-29 08:25 0 --a------ C:\AB.tmp2008-09-29 08:24 . 2008-09-29 08:24 0 --a------ C:\A4.tmp2008-09-29 08:24 . 2008-09-29 08:24 0 --a------ C:\A3.tmp2008-09-29 08:24 . 2008-09-29 08:24 0 --a------ C:\A2.tmp2008-09-29 08:24 . 2008-09-29 08:24 0 --a------ C:\A1.tmp2008-09-29 08:18 . 2008-09-29 09:02 <DIR> d-------- C:\virus2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\WINDOWS\Cache2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\Program Files\MSN Messenger2008-09-29 08:01 . 2008-09-29 08:02 491,520 --a------ C:\WINDOWS\msado15.dll2008-09-29 08:00 . 2008-09-29 08:00 152,920 --a------ C:\WINDOWS\system32\vghd.scr2008-09-29 07:58 . 2008-09-29 08:02 <DIR> d-------- C:\Program Files\vghd2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\pointgo2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\Al Roker Vs. Star Jones Boxing2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\vghd2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\WINDOWS\system32\iDlo072008-09-29 07:56 . 2008-09-30 23:19 <DIR> d-------- C:\Temp2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\Program Files\OINAnalytics2008-09-29 07:56 . 2008-09-29 07:56 13,312 --a------ C:\WINDOWS\system32\tupdfim.dll2008-09-29 07:56 . 2008-09-29 07:56 13,312 --a------ C:\WINDOWS\system32\papdfim.dll2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\QuickTime2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iTunes2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iPod2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Bonjour2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\Apple Computer2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}2008-09-29 07:41 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll2008-09-29 07:41 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Common Files\Apple2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Program Files\Apple Software Update2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple2008-09-29 07:39 . 2008-09-29 08:19 <DIR> d-------- C:\Program Files\FlashGet2008-09-28 01:49 . 2008-09-28 01:49 <DIR> d-------- C:\Program Files\Matrix-ks2008-09-28 01:38 . 2008-09-28 01:38 <DIR> d-------- C:\_OTMoveIt2008-09-20 23:35 . 2008-09-30 23:20 <DIR> d-------- C:\Documents and Settings\Family Computer2008-09-20 23:23 . 2008-09-20 23:37 <DIR> d-------- C:\New Folder2008-09-14 17:33 . 2008-09-29 08:02 <DIR> d-------- C:\WINDOWS\13672008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\Program Files\MWGuide2008-09-14 17:32 . 2008-09-29 08:00 415 --a------ C:\DelPI.bat2008-09-07 13:02 . 2008-09-07 13:02 <DIR> d-------- C:\Documents and Settings\Administrator2008-09-07 12:44 . 2008-09-07 12:47 <DIR> d-------- C:\rsit2008-09-07 12:44 . 2008-09-07 12:45 <DIR> d-------- C:\Program Files\trend micro2008-09-07 07:05 . 2008-09-07 07:05 153,404 --a------ C:\WINDOWS\system32\g15.exe2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts2008-09-05 08:48 . 2008-09-05 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes2008-09-02 21:22 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe2008-09-02 21:22 . 2008-08-31 00:53 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe2008-09-02 21:22 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe2008-09-02 21:22 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe2008-09-01 04:50 . 2008-09-01 04:50 <DIR> d-------- C:\WINDOWS\system32\windows media2008-09-01 04:50 . 2008-09-01 04:50 <DIR> d--h----- C:\WINDOWS\msdownld.tmp.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-08-25 02:19 --------- d-----w C:\Program Files\NOS2008-08-24 08:21 --------- d-----w C:\Program Files\Common Files\Adobe AIR2008-08-24 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS2008-08-24 08:20 --------- d-----w C:\Program Files\Common Files\Adobe2008-08-20 13:35 --------- d-----w C:\Program Files\Google.((((((((((((((((((((((((((((( snapshot@2008-09-29_ 7.51.57.53 ))))))))))))))))))))))))))))))))))))))))).+ 2008-09-29 15:02:10 10,138 ----a-w C:\WINDOWS\1367\sub.dat+ 2008-09-29 15:24:59 19,174 --sh--r C:\WINDOWS\Installer\{6a9593c3-a96f-406a-bcd6-5a547a09b58e}\AlrtSys.dll+ 2008-09-29 15:25:34 23,118 --sh--r C:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dll+ 2001-08-28 21:00:00 4,224 -c--a-w C:\WINDOWS\system32\dllcache\beep.sys+ 2008-02-24 07:47:48 32,768 ----a-w C:\WINDOWS\system32\iDlo07\iDlo071084.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]"MWGuide"="C:\Program Files\MWGuide\MWGuide.exe" [2007-04-17 229376][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]"SoundMan"="SOUNDMAN.EXE" [2005-02-23 C:\WINDOWS\SOUNDMAN.EXE][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]C:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-09-29 11875648][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\partnershipreg]2008-09-29 08:24 13587 C:\Documents and Settings\All Users\Documents\Settings\partnership.dll[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^autorun.exe]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exebackup=C:\WINDOWS\pss\autorun.exeCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIALWORKERSTARTER]--a------ 2008-02-17 23:24 26112 C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001"UpdatesDisableNotify"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"=S1 b7a36ed3;b7a36ed3;C:\WINDOWS\system32\drivers\b7a36ed3.sys [ ]S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ].Contents of the 'Scheduled Tasks' folder.- - - - ORPHANS REMOVED - - - -BHO-{63B25412-D802-4FBA-B26B-60836264977A} - C:\WINDOWS\system32\geBtTMec.dllHKCU-Run-Rmru - C:\DOCUME~1\FAMILY~1\APPLIC~1\MANTEC~1\services.exeHKLM-Run-f84b99dd - C:\WINDOWS\system32\phtwjddf.dllMSConfigStartUp-antiviirus - C:\Program Files\antiviirus.exeMSConfigStartUp-BMfb78aa41 - C:\WINDOWS\system32\bjgpiiab.dllMSConfigStartUp-f84b99dd - C:\WINDOWS\system32\ivyjjoiq.dllMSConfigStartUp-lphc7ocj0en5t - C:\WINDOWS\system32\lphc7ocj0en5t.exeMSConfigStartUp-SMrhc3ocj0en5t - C:\Program Files\rhc3ocj0en5t\rhc3ocj0en5t.exeMSConfigStartUp-iSecurity applet - iSecurity.cpl.------- Supplementary Scan -------.O8 -: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htmO8 -: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-09-30 23:22:52Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------PROCESS: C:\WINDOWS\system32\winlogon.exe-> C:\Documents and Settings\All Users\Documents\Settings\partnership.dll.------------------------ Other Running Processes ------------------------.C:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wscntfy.exe.**************************************************************************.Completion time: 2008-09-30 23:25:40 - machine was rebooted [Family Computer]ComboFix-quarantined-files.txt 2008-10-01 06:25:25ComboFix2.txt 2008-09-29 14:53:16Pre-Run: 75,668,791,296 bytes freePost-Run: 75,690,057,728 bytes free284 --- E O F --- 2008-09-19 02:52:21 Quote Link to post Share on other sites
cdavfrew Posted September 30, 2008 Report Share Posted September 30, 2008 (edited) Hey sarahwPlease download Superantispyware Free and install it. Follow the prompts and reboot if required.Launch Superantispyware Free either by running C:\Program Files\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware...Configuring SuperAntispyware• Click on Preferences.• In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting everytime, because it may interfere with other fixes that may be run.• Navigate to the tab Scanning Control.• Make sure only these boxes are checked:Close browsers before scanningScan for tracking cookiesTerminate memory threats before quarantiningScan Alternate Data StreamsUse Kernel Direct File Access (recommended)Use Kernel Direct Registry Access (recommended)Use Direct Disk Access (recommended)• Click on Close.Updating SuperAntispyware• At the main window, click on Check for Updates....• Wait for SuperAntispyware to be fully updated.Scanning Time• Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.• Launch SuperAntispyware.• At the main window, click on Scan your Computer....• Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next.• Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items.• Reboot your computer.Post A Log• Launch SuperAntispyware• Click on Preferences• Navigate to the tab Statistics/Logs.• Choose the latest scan log, and the click on View Log....• Copy and paste the contents of the log here in your next post.Looking good. The malware's retreating. After that, post a new HijackThis log as well.Best Regards Edit: You didn't follow completely my previous instructions. Edited September 30, 2008 by cdavfrew Quote Link to post Share on other sites
sarahw Posted October 1, 2008 Author Report Share Posted October 1, 2008 I am still getting popups saying I am infected. I followed your instructions but couldn't run the scan in safe mode, I would click it and it did nothing.There is also some half naked woman dancing on the screen, I dont want this and cannot let the kids see it I dont remember installing it, how do I get rid of it?Here is the log from normal mode:SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 10/01/2008 at 00:04 AMApplication Version : 4.21.1004Core Rules Database Version : 3582Trace Rules Database Version: 1570Scan type : Complete ScanTotal Scan Time : 00:11:51Memory items scanned : 305Memory threats detected : 2Registry items scanned : 2903Registry threats detected : 41File items scanned : 17454File threats detected : 433Trojan.Net-Partnership/WL-Resident C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\SETTINGS\PARTNERSHIP.DLL C:\DOCUMENTS AND SETTINGS\ALL USERS\DOCUMENTS\SETTINGS\PARTNERSHIP.DLLTrojan.Net-AVP/AVT C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\AUTORUN.EXE C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\AUTORUN.EXE [spoolsv] C:\WINDOWS\SYSTEM32\SPOOLVS.EXE C:\WINDOWS\SYSTEM32\SPOOLVS.EXE C:\WINDOWS\SHELL.EXETrojan.Downloader-Gen/CinBroom [Printer] C:\WINDOWS\SYSTEM32\PRINTER.EXE C:\WINDOWS\SYSTEM32\PRINTER.EXETrojan.Net-Partnership/WL Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\partnershipreg HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\partnershipreg HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\partnershipreg#DllName HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\partnershipreg#Startup HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\partnershipreg#Impersonate HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\partnershipreg#AsynchronousAdware.Tracking Cookie C:\Documents and Settings\Family Computer\Cookies\family_computer@specificclick[2].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@atdmt[1].txt C:\Documents and Settings\Family Computer\Cookies\[email protected][1].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@imrworldwide[2].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@serving-sys[2].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@kontera[2].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@overture[1].txt C:\Documents and Settings\Family Computer\Cookies\[email protected][1].txt C:\Documents and Settings\Family Computer\Cookies\[email protected][1].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@clickchecker6[2].txt C:\Documents and Settings\Family Computer\Cookies\[email protected][2].txt C:\Documents and Settings\Family Computer\Cookies\[email protected][1].txtAdware.ClickSpring/Yazzle HKCR\YazzleSudokuGame HKCR\YazzleSudokuGame\DefaultIcon HKCR\YazzleSudokuGame\shell HKCR\YazzleSudokuGame\shell\Open HKCR\YazzleSudokuGame\shell\Open\command HKLM\Software\Yazzle Sudoku HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YazzleSudoku HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YazzleSudoku#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YazzleSudoku#UninstallString C:\Documents and Settings\Family Computer\Start Menu\Programs\Yazzle Sudoku\Uninstall Yazzle Sudoku.lnk C:\Documents and Settings\Family Computer\Start Menu\Programs\Yazzle Sudoku\Yazzle Sudoku License.lnk C:\Documents and Settings\Family Computer\Start Menu\Programs\Yazzle Sudoku\Yazzle Sudoku.lnk C:\Documents and Settings\Family Computer\Start Menu\Programs\Yazzle Sudoku C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\SNOWBALLWARSINSTALLER.EXE C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\SUDOKUINSTALLER.EXE C:\NEW FOLDER\SNOWBALLWARSINSTALLER.EXE C:\NEW FOLDER\SUDOKUINSTALLER.EXEUnclassified.Unknown Origin HKU\S-1-5-21-1957994488-1123561945-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Run#Spoolsv [ C:\WINDOWS\system32\spoolvs.exe ]Adware.ClickSpring/Outer Info Network HKCR\OINCS.OINAnalytics HKCR\OINCS.OINAnalytics\CLSID HKCR\OINCS.OINAnalytics\CurVer HKCR\OINCS.OINAnalytics.1 HKCR\OINCS.OINAnalytics.1\CLSID HKCR\AppId\OINAnalytics.DLL HKCR\AppId\OINAnalytics.DLL#AppID HKU\S-1-5-21-1957994488-1123561945-682003330-1004\Software\OINAnalytics HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#Publisher HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#UninstallString HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#HelpLink HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#InstallLocation HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#NoModify HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics#NoRepair C:\Program Files\OINAnalytics\OINAnalytics.dll C:\Program Files\OINAnalytics\Uninstall.exe C:\Program Files\OINAnalyticsRogue.NoWayVirus HKLM\Software\NoWayVirus HKLM\Software\NoWayVirus#ProductCode HKU\S-1-5-21-1957994488-1123561945-682003330-1004\Software\NoWayVirusDownloader HKLM\Software\NoWayVirusDownloader HKLM\Software\NoWayVirusDownloader#TotalSize HKLM\Software\NoWayVirusDownloader#SeekPos HKLM\Software\NoWayVirusDownloader#EulaShowedTrojan.SecurityCenter/Fake C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\BACKUPS\BACKUP-20080930-203259-995.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0002018.CPL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0002020.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0003039.CPL C:\VIRUS\ISECLIVE\ISECURITY.CPL C:\VIRUS\VBOX--4908\123297.TMPAdware.Vundo/Variant C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\BACKUPS\BACKUP-20080930-203300-840.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005141.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005126.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005129.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005132.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005133.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005145.DLLTrojan.LocusSoftware/WSC-Installer C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\INSTALL_SBD_EN.EXE C:\NEW FOLDER\INSTALL_SBD_EN.EXETrojan.Downloader-FuP/TMP C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\NEW FOLDE2\23.TMP C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\NEW FOLDE2\9.TMP C:\NEW FOLDER\NEW FOLDE2\23.TMP C:\NEW FOLDER\NEW FOLDE2\9.TMP C:\VIRUS\!!!!\27.TMP C:\VIRUS\4F.TMP C:\VIRUS\F.TMPRogue.Ormond-Installer/A C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\NEW FOLDE2\INSTALL.EXE C:\NEW FOLDER\NEW FOLDE2\INSTALL.EXETrojan.Malware C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\NEW FOLDER\MW_INSTALL.EXE C:\NEW FOLDER\NEW FOLDER\MW_INSTALL.EXEAdware.WhenU C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\NEW FOLDER\SETUPDTSB.EXE C:\NEW FOLDER\NEW FOLDER\SETUPDTSB.EXETrojan.Downloader/Media-Codec C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\VIDEOACCESSCODECINSTALL.EXE C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\VIDEOACCESSCODECINSTALL2.EXE C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\VIDEOACCESSCODECINSTALL3.EXE C:\NEW FOLDER\VIDEOACCESSCODECINSTALL.EXE C:\NEW FOLDER\VIDEOACCESSCODECINSTALL2.EXE C:\NEW FOLDER\VIDEOACCESSCODECINSTALL3.EXETrojan.Downloader-FindFast/Fake C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\START MENU\PROGRAMS\STARTUP\FINDFAST.EXETrojan.Dropper/Gen-123 C:\MMHKJ.EXERogue.NetProject-Installer C:\NEW FOLDER\COPY (2) OF SETUP.EXETrojan.Unclassified-Packed/Suspicious C:\PROGRAM FILES\POINTGO\POINTGO.DLL C:\VIRUS\ACTVTALK.DLL C:\VIRUS\IESEARCH.DLL C:\VIRUS\ISECLIVE\BROWSE.DLL C:\VIRUS\JFIEHAYD.DLL C:\VIRUS\LUAPVS.DLL C:\VIRUS\QTALK.DLL C:\VIRUS\VBOX--4908\JFIEHAYD.DLL C:\VIRUS\WINSRC[1].DLL C:\VIRUS\WSCMP[1].DLLAdware.ClickSpring-Variant C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\APPLICATION DATA\MANTEC~1\SERVICES.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005108.EXETrojan.Unclassified/FTP-Fake C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\FTPDLL.DLL.VIR C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\LOCALSERVICE\FTPDLL.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FTPDLL.DLL.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0002009.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0002010.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005095.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005111.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005114.DLL C:\VIRUS\VBOX--4908\FTPDLL.DLLTrojan.Unclassified/AddToKill C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\LOCAL SETTINGS\APPLICATION DATA\CFTMON.EXE.VIR C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\CFTMON.EXE.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DRIVERS\SPOOLS.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005094.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005112.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005115.EXE C:\VIRUS\VBOX--4908\SH.EXE C:\VIRUS\ZAE.EXETrojan.Unclassified/Tmp-Gen C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\TMP0.EXE.VIR C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\TMP1.EXE.VIR C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\TMP2.EXE.VIR C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\TMP3.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005116.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005117.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005118.EXE C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005119.EXENotHarmful.Sysinternals Bluescreen Screen Saver C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BLPHC7OCJ0EN5T.SCR.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005121.SCRTrojan.Downloader-CREW C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IXIDRHEU.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JARPLATB.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JUGQEVXG.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\LEKIFEWH.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NYQUPTHP.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OPEINKGY.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SDGRHUWU.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VUHNSUOF.DLL.VIR C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XTDXQHOC.DLL.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005134.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005135.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005136.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005137.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005139.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005140.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005144.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005146.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005147.DLLRogue.MalwareProtector/Variant C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PPHC7OCJ0EN5T.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005142.EXETrojan.Unclassified/IFrameStat C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WIND32.EXE.VIR C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005099.EXE C:\VIRUS\VBOX--4908\IFRAMESTAT.EXETrojan.Unclassified/Dropper C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0000009.DLL C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\SNAPSHOT\MFEX-1.DAT C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\SNAPSHOT\MFEX-2.DAT C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\SNAPSHOT\MFEX-3.DAT C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\SNAPSHOT\MFEX-4.DAT C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\SNAPSHOT\MFEX-5.DAT C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\SNAPSHOT\MFEX-6.DAT C:\VIRUS\KTGMHS.EXE C:\VIRUS\NYPS4.EXE C:\VIRUS\PWHO495\NYPS4.EXEAdware.Vundo-Variant/J C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005087.DLL C:\VIRUS\!!!!\MGSVFLKW.DLL C:\VIRUS\!!!!\QDNKEWFA.DLL C:\VIRUS\FKDNRWSV.DLL C:\VIRUS\LIVE4608\G0LD\MGSVFLKW.DLL C:\VIRUS\LIVE4608\G0LD\QDNKEWFA.DLL C:\VIRUS\MGSVFLKW.DLL C:\VIRUS\OMLBPKAW.DLL C:\VIRUS\PMSOARBF.DLL C:\VIRUS\PWHO495\4408-2\FKDNRWSV.DLL C:\VIRUS\PWHO495\SXFNEWQB.DLL C:\VIRUS\QDNKEWFA.DLL C:\VIRUS\SXFNEWQB.DLLTrojan.Downloader-Gen/Burre C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005096.DLLTrojan.Net-MSV/VPS-Variant C:\SYSTEM VOLUME INFORMATION\_RESTORE{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005120.DLLTrojan.Dropper/SVCHost-Fake C:\VIRUS\!!!!\SVCHOST.EXE C:\VIRUS\!!!!\1\SVCHOST.EXE C:\VIRUS\LIVE4608\G0LD\SVCHOST.EXE C:\VIRUS\LIVE4608\G0LD\1\SVCHOST.EXE C:\VIRUS\LIVE4608\G0LD\3\SVCHOST.EXE C:\VIRUS\LIVE4608\G0LD\4\SVCHOST.EXE C:\VIRUS\LIVE4608\G0LD\6\SVCHOST.EXE C:\VIRUS\SVCHOST.EXETrojan.Dropper/Gen C:\VIRUS\!!!!\APOXQWFV.EXE C:\VIRUS\APOXQWFV.EXE C:\VIRUS\LIVE4608\G0LD\APOXQWFV.EXE C:\VIRUS\PWHO495\4408-2\DWLTQNMX.EXE C:\VIRUS\PWHO495\~.EXE C:\VIRUS\VBOX--4908\APOXQWFV.EXE C:\VIRUS\~.EXETrojan.Unclassified/Multi-Dropper C:\VIRUS\!!!!\LMLUFOZK.EXE C:\VIRUS\CJSZCVOB.EXE C:\VIRUS\DGDWZQZQ.EXE C:\VIRUS\ISECLIVE\EBIJODYF.EXE C:\VIRUS\ISECLIVE\MZCVYVOJ.EXE C:\VIRUS\ISECLIVE\PXSSRWNO.EXE C:\VIRUS\ISECLIVE\UDKBGXMJ.EXE C:\VIRUS\ISECLIVE\UHSHAZWB.EXE C:\VIRUS\KVCVCLYF.EXE C:\VIRUS\LIVE4608\G0LD\TWPGXYRO.EXE C:\VIRUS\MZKPMREN.EXE C:\VIRUS\MZWREBKP.EXE C:\VIRUS\OPIZQPGN.EXE C:\VIRUS\PWHO495\SPCXUZIP.EXE C:\VIRUS\QJKPKLSJ.EXE C:\VIRUS\REJAPSFE.EXE C:\VIRUS\UVSPKBKB.EXEAdware.SXGAdvisor-A C:\VIRUS\!!!!\TEMLXOPQQWM.DLL C:\VIRUS\LGMXVPATFBO.DLL C:\VIRUS\LGMXVPATGBN.DLL C:\VIRUS\LIVE4608\G0LD\TEMLXOPQFTG.DLL C:\VIRUS\PWHO495\SVPEKGONGPV.DLL C:\VIRUS\SVPEKGONWVX.DLL C:\VIRUS\TEMLXOPQGDK.DLL C:\VIRUS\TEMLXOPQMLF.DLL C:\VIRUS\VBOX--4908\TEMLXOPQTGA.DLLTrojan.Unclassified/UserInit-Fake C:\VIRUS\!!!!\USERINIT.EXE C:\VIRUS\PWHO495\USERINIT.EXETrojan.Unclassified/GTS C:\VIRUS\!!!!\VNBPTXLF.DLL C:\VIRUS\LIVE4608\G0LD\VNBPTXLF.DLL C:\VIRUS\QTVGLPED.DLL C:\VIRUS\STFNGDVW.DLL C:\VIRUS\VBOX--4908\VNBPTXLF.DLL C:\VIRUS\VNBPTXLF.DLLAdware.ClickSpring C:\VIRUS\!UPDATE.EXETrojan.Downloader-Gen/Micky C:\VIRUS\1.DLLB C:\VIRUS\5.DLLB C:\VIRUS\6.DLLB C:\VIRUS\7.DLLB C:\VIRUS\VBOX--4908\6.DLLB C:\VIRUS\VBOX--4908\1.DLLB C:\VIRUS\VBOX--4908\5.DLLB C:\VIRUS\VBOX--4908\7.DLLBTrojan.Unclassified/GGD-Gen C:\VIRUS\1103[1].EXE C:\VIRUS\64[1].EXE C:\VIRUS\BHO[1].EXE C:\VIRUS\PSSB487.EXE C:\VIRUS\PSSB497.EXE C:\VIRUS\PWHO495\BHO[1].EXE C:\VIRUS\PWHO495\PWHO427.EXE C:\VIRUS\VBOX--4908\WCAV472.EXE C:\VIRUS\VBOX--4908\WCAV487.EXE C:\VIRUS\VBOX--4908\WCAV497.EXE C:\VIRUS\WCAV472.EXE C:\VIRUS\WCAV497.EXETrojan.Unclassified/Loader-Service C:\VIRUS\191855.TMP C:\VIRUS\3522565.TMP C:\VIRUS\3811891.TMP C:\VIRUS\BABKI.EXE C:\VIRUS\LIVE4608\G0LD\1505534.TMP C:\VIRUS\PWHO495\1207308349[1].EXE C:\VIRUS\RUDKGSSK.EXE C:\VIRUS\TIFS\1207703520[1].EXE C:\VIRUS\VBOX--4908\118490.TMP C:\VIRUS\VBOX--4908\BABKINEPAXNUT.EXE C:\WINDOWS\INSTALLER\{D2AD16E3-FA3A-4C0B-9B24-22018764CC8B}\ZIP.DLLAdware.E404 Helper/Variant-A C:\VIRUS\215651\215651.DLL C:\VIRUS\624855\624855.DLL C:\VIRUS\SDFERW[1].HTMTrojan.Downloader-WNSET/N C:\VIRUS\2267877664.EXE C:\VIRUS\VBOX--4908\2468093456.EXETrojan.Unknown Origin C:\VIRUS\8.TMP C:\VIRUS\ACPUW.EXE C:\VIRUS\B138.EXE C:\VIRUS\CC.LN C:\VIRUS\HYTCI.EXE C:\VIRUS\INST250[1].EXE C:\VIRUS\IRTM[1].EXE C:\VIRUS\KIS[1].EXE C:\VIRUS\LGHT.LN C:\VIRUS\MSNF.LN C:\VIRUS\NTPL.BIN C:\VIRUS\SBMF.LN C:\VIRUS\PRYX.LN C:\VIRUS\PSSB498.EXE C:\VIRUS\PSSB502.EXE C:\VIRUS\PWHO495\INST250[1].EXE C:\VIRUS\PWHO495\PINCH2[1].EXE C:\VIRUS\PWHO495\PWHO469.EXE C:\VIRUS\PWHO495\PWHO476.EXE C:\VIRUS\RAESWXXO[1].HTM C:\VIRUS\RWHUCV.EXE C:\VIRUS\TOR[1].EXE C:\VIRUS\VBOX--4908\22.TMP C:\VIRUS\VBOX--4908\75302.EXE C:\VIRUS\VBOX--4908\B.TMP C:\VIRUS\VBOX--4908\D.TMP C:\VIRUS\VBOX--4908\INST250[1].EXE C:\VIRUS\VBOX--4908\LOAD3.EXE C:\VIRUS\VBOX--4908\PINCH2[1].EXE C:\VIRUS\VBOX--4908\WINZL1[1].EXE C:\VIRUS\VBOX--4908\ZEQBQWP.SYS C:\VIRUS\VBOX--4908\ZLOI[1].EXE C:\VIRUS\VESP486\VESP469.EXE C:\VIRUS\WXEBXBO.EXE C:\VIRUS\ZEQBQWP.SYS C:\VIRUS\ZLOI[1].EXEAdware.Dropper/BHAREBIO C:\VIRUS\BHAREBIO01\BHAREBIO011065.EXETrojan.Unclassifed/A3-Dropper C:\VIRUS\A34-TMPAOI.EXE C:\VIRUS\TIFS\DRV32[1].DATATrojan.Unclassified/A3-Tmp C:\VIRUS\A45-TMP.EXETrojan.Unclassified/Multi-Dropper (Packed) C:\VIRUS\ABBCT[1].HTM C:\VIRUS\HGFQNUXA.EXE C:\VIRUS\VBOX--4908\WPUFQPWT\AXCZENQT.EXETrojan.Phake C:\VIRUS\APCSVRA.DLL C:\VIRUS\APCSVRA.EXEAdware.Quantic/TargetedAds C:\VIRUS\ATGBAN.DLLRootkit.TNCore-Variant/A C:\VIRUS\ATINXBXXX.SYSAdware.Vundo-Variant C:\VIRUS\AWTUUVPG.DLL C:\VIRUS\HGGAYAYR.DLL C:\VIRUS\JKKBUTJC.DLL C:\VIRUS\OPNNNLJG.DLL C:\VIRUS\VBOX--4908\BYXUTUV.DLL C:\VIRUS\VBOX--4908\QOMEBTQI.DLL C:\VIRUS\VTUKLLLK.DLL C:\VIRUS\XXYWXPFU.DLL C:\VIRUS\YAYYWONM.DLLTrojan.Downloader-Gen/Installer C:\VIRUS\B104.EXETrojan.Downloader-Gen/Bundle Installer C:\VIRUS\B116.EXE C:\VIRUS\B153.EXE C:\VIRUS\B155.EXE C:\VIRUS\B156.EXETrojan.FakeAlert-Gen/Variant C:\VIRUS\BAOOHY.DLL C:\VIRUS\RKVDR.DLLTrojan.Unclassified/Twain_32-Fake C:\VIRUS\BIO2.EXE C:\VIRUS\MGSVFLKW.EXEBugs! Screensaver C:\VIRUS\BLACKSTER.SCRAdware.Vundo-Variant/H C:\VIRUS\BYXRKHBS.DLL C:\VIRUS\DDCCVNDS.DLL C:\VIRUS\DDCYOPHX.DLL C:\VIRUS\JKKKBCRR.DLL C:\VIRUS\LJJATMCV.DLL C:\VIRUS\TUVSKIAX.DLL C:\VIRUS\TUVVOIAR.DLL C:\VIRUS\WVULIGDE.DLLTrojan.Dropper/Gen-PHP C:\VIRUS\COUNT[1].PHP C:\VIRUS\EXE[1].PHP C:\VIRUS\LOAD1.PHP C:\VIRUS\LOAD2.PHP C:\VIRUS\LOAD3.PHPTrojan.Unclassified/Cryper C:\VIRUS\CRYPER.DLLTrojan.Downloader-CSRSS/Fake C:\VIRUS\CSRSS.EXETrojan.Csrssc/Systemc-A C:\VIRUS\CSRSSC.EXE C:\VIRUS\VBOX--4908\CSRSSC.EXETrojan.Unclassified/CTFMONA C:\VIRUS\CTFMONA.EXETrojan.Downloader-Gen/NVidia-Fake C:\VIRUS\DLLNVRSMARogue.Files-Secure/Installer C:\VIRUS\DSAIP32B.DLL C:\VIRUS\PWHO495\4408-2\KIASYS.DLLAdware.Adservs C:\VIRUS\EXTMP\BMV35GUI.EXETrojan.Unclassified/FileXXX-Suspicious C:\VIRUS\FILE645.EXE C:\VIRUS\VBOX--4908\FILE768.EXETrojan.Downloader-AgentDQ C:\VIRUS\FIXMAPI.DLLTrojan.JointMediaGroup-Component C:\VIRUS\IVWWNF[1].HTMTrojan.Unclassified/Network-Fake C:\VIRUS\HEAD2.EXE C:\VIRUS\TMPB.TMPTrojan.DNSChanger-Codec C:\VIRUS\HEROCODEC1176[1].EXE C:\VIRUS\IXCODEC1176[1].EXE C:\VIRUS\JETCODEC4531.EXERootkit.TNCore-Installer C:\VIRUS\IDE2\MDLLCOM2.EXETrojan.Downloader-Gen/IEUPD C:\VIRUS\IEUPDR2.EXETrojan.Unclassified/IEXPiOre C:\VIRUS\IEXPIORE.EXETrojan.Unclassified/SCInst-WL C:\VIRUS\JELKRATOF.SYS C:\VIRUS\PKJELGNAP.NLSTrojan.Net-Kavir C:\VIRUS\KAVIR.EXETrojan.Unclassified/MXKB C:\VIRUS\KBVXXO.EXE C:\VIRUS\MXUXC.EXEAdware.Vundo Variant C:\VIRUS\KOIRGUU.DLL C:\VIRUS\ZDJ.DLLTrojan.Downloader-Gen/Update-Suspicious C:\VIRUS\KRAB[1].EXE C:\VIRUS\PSSB491.EXE C:\VIRUS\PWHO495\KRAB[1].EXE C:\VIRUS\VBOX--4908\KRAB[1].EXERogue.Multi-Dropper/Installer C:\VIRUS\LFN.EXE C:\VIRUS\WMSDKNS.EXETrojan.Backdoor-SVSHost C:\VIRUS\LIVE4608\G0LD\2\SVCHOST.EXE C:\VIRUS\LIVE4608\G0LD\WININET.EXETrojan.Downloader-SVCHost/Fake C:\VIRUS\LIVE4608\G0LD\8\SVCHOST.EXETrojan.Unclassified/MSSRV32 C:\VIRUS\LIVE4608\G0LD\MSSRV32.EXERootkit.DProt C:\VIRUS\LIVE4608\GOLDDIVXRSTrojan.MediaTubeCodec C:\VIRUS\MEDIATUBECODEC[1].EXETrojan.Downloader-Gen/MROFIN C:\VIRUS\MROFINU1000106.EXE C:\VIRUS\MROFINU1535.EXE C:\VIRUS\MROFINU27.EXE C:\VIRUS\MROFINU572.EXE C:\VIRUS\MROFINU572.EXE.TMP C:\VIRUS\VBOX--4908\MROFINU27.EXE C:\VIRUS\VBOX--4908\MROFINU27.EXE.TMPTrojan.Multi-Dropper/Gen C:\VIRUS\NPQTSRAK.EXE C:\VIRUS\RTQMEKWG.EXETrojan.Unclassified/BrowserDriver C:\VIRUS\PINZ1\CEGMGR76.EXE C:\VIRUS\RWWNW64D.EXETrojan.Unclassified/CmdUtil C:\VIRUS\PROCACT.DLLRootkit.BraviaX-Installer C:\VIRUS\PWHO495\4408-2\A0008097.SYSTrojan.Unclassified/IExplorer-Fake C:\VIRUS\PWHO495\4408-2\IEXPIORE.EXETrojan.Unclassified/BloothTooth-Fake/B C:\VIRUS\PWHO495\LIN.EXEAdware.SellBuyTraff C:\VIRUS\PWHO495\ORDER384145.EXETrojan.Unclassified/AffiliateBundle C:\VIRUS\QOMDBUNF.DLLTrojan.Unclassified/CSRSS-Fake C:\VIRUS\RBILHPZZ.EXE C:\VIRUS\VBOX--4908\11[1].EXE C:\VIRUS\VBOX--4908\C.EXERootkit.Filter-Gen C:\VIRUS\SENT-DRIVERSTrojan.Unclassified/SRVInfo C:\VIRUS\STRADMSMART.DLL C:\VIRUS\UISRV.DLLTrojan.VXGame-Gen C:\VIRUS\V4XD6.GAM5E C:\VIRUS\V6XDT4.GAME C:\VIRUS\VBOX--4908\V4XD3.GA2ME C:\VIRUS\VBOX--4908\V4XD6.GAM5E C:\VIRUS\VBOX--4908\V5XD4.GA2ME C:\VIRUS\VBOX--4908\V6XDT4.GAME C:\VIRUS\VBOX--4908\VX1DT1.GAME C:\VIRUS\VBOX--4908\VX1DT3.GAME C:\VIRUS\VBOX--4908\VX3DT2.GAMETrojan.Unclassified/Users32 C:\VIRUS\USERS32.DATTrojan.Dropper/Gen-NV C:\VIRUS\WIDUXNGQ.SYS C:\VIRUS\XTNSHT.EXETrojan.VXGame-Variant/B C:\VIRUS\V5XD2.G3AME C:\VIRUS\VBOX--4908\V5XD2.G3AMETrojan.Unclassified/CUSGI C:\VIRUS\VBOX--4908\32DF.TMPTrojan.Unclassified/AutoEX C:\VIRUS\VBOX--4908\AUTOEX.DLLTrojan.Downloader-Gen/IE_Updater C:\VIRUS\VBOX--4908\IE_UPDATES3R.EXE C:\VIRUS\VESP486\IE_UPDATES3R.EXETrojan.Unclassified/CFTMon-Fake C:\VIRUS\VBOX--4908\CFTMON.EXETrojan.Unclassified/Sompotam C:\VIRUS\VBOX--4908\DSXMM.DLLRootkit.QTPlugin C:\VIRUS\VBOX--4908\HDPORT.SYS C:\VIRUS\VBOX--4908\QTPLUGIN.EXE C:\VIRUS\VBOX--4908\QTPROT.SYSDialer.Dial/Gen Variant C:\VIRUS\VBOX--4908\MAXPAYNOWTI.GAMETrojan.Downloader-Gen C:\VIRUS\VBOX--4908\ISECURITY.CPLTrojan.VXGame-Variant/C C:\VIRUS\VBOX--4908\MAXPAYNOW.GAMEAdware.VideoAccessCodec/Gen C:\VIRUS\VBOX--4908\QDNKEWFA.DLLTrojan.Unclassified/WinSelf C:\VIRUS\VBOX--4908\SYSTIME C:\VIRUS\VBOX--4908\WINSELF.EXE C:\VIRUS\WINSELF.EXETrojan.Unclassified/WCAV-Gen C:\VIRUS\VBOX--4908\WCAV463.EXE C:\VIRUS\VBOX--4908\WCAV469.EXE C:\VIRUS\VBOX--4908\WCAV486.EXE C:\VIRUS\VBOX--4908\WCAV498.EXE C:\VIRUS\VBOX--4908\WCAV499.EXE C:\VIRUS\VBOX--4908\WCAV500.EXE C:\VIRUS\WCAV282.EXE C:\VIRUS\WCAV463.EXE C:\VIRUS\WCAV469.EXE C:\VIRUS\WCAV486.EXE C:\VIRUS\WCAV512.EXETrojan.Downloader-Gen/WinLogan-A C:\VIRUS\VBOX--4908\WINLOGAN.EXERogue.Unclassified/Mutli-Installer C:\VIRUS\VESP486\60325CAHP25CAN.EXE C:\VIRUS\VESP486\60325CAHP25CAR.EXETrojan.Downloader-Gen/Win C:\VIRUS\VESP486\INSTALL[1]\ALT[1].EXETrojan.Net-SvHoster C:\VIRUS\VESP486\SVHOST.EXETrojan.Unclassified/Partnership-Dropper C:\VIRUS\VESP486\VESP472.EXETrojan.Unclassified/WHCSTD32 C:\VIRUS\WHCSTD32.DLLTrojan.Downloader-Winlogon/FAS C:\VIRUS\WINLOGON.EXEAdware.Yazzle-Installer C:\VIRUS\YAZZSNET.EXERogue.MultiComponents/Trace C:\WINDOWS\INSTALLER\{6A9593C3-A96F-406A-BCD6-5A547A09B58E}\ALRTSYS.DLLTrojan.Unclassified/BhoApp C:\WINDOWS\SYSTEM32\PAPDFIM.DLL C:\WINDOWS\SYSTEM32\TUPDFIM.DLL Quote Link to post Share on other sites
cdavfrew Posted October 1, 2008 Report Share Posted October 1, 2008 Hey sarahwDelete your previous version of SDFixDownload SDFix and save it to your Desktop.Double click SDFix.exe and it will extract the files to %systemdrive%(Drive that contains the Windows Directory, typically C:\SDFix)Please then reboot your computer into Safe Mode by doing the following:• Restart your computer• After pressing the power button, repeatedly tap the F8 key.• Instead of Windows loading as normal, the Advanced Options Menu should appear;• Select the first option, to run Windows in Safe Mode, then press Enter.• Choose the administrator's account.• Open the extracted SDFix folder and double click RunThis.bat to start the script.• Type Y to begin the cleanup process.• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.• Press any Key and it will restart the PC.• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.• Once the desktop icons load, the SDFix report will open on screen and will also save into the SDFix folder as Report.txt(Report.txt will also be copied to Clipboard ready for posting back on the forum)• Finally paste the contents of the Report.txt here.Best Regards Quote Link to post Share on other sites
sarahw Posted October 1, 2008 Author Report Share Posted October 1, 2008 SDFix: Version 1.230 Run by Administrator on 2008-10-02 at 01:54Microsoft Windows XP [Version 5.1.2600]Running From: C:\SDFixChecking Services :Restoring Default Security ValuesRestoring Default Hosts FileRestoring Missing SharedAccess Service RebootingChecking Files : Trojan Files Found:C:\A1.TMP - DeletedC:\A2.TMP - DeletedC:\A3.TMP - DeletedC:\A4.TMP - DeletedC:\AB.TMP - DeletedC:\AF.TMP - DeletedC:\Documents and Settings\All Users\Documents\Settings\partnership.dll - DeletedC:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe - DeletedC:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe - DeletedC:\WINDOWS\shell.exe - DeletedC:\WINDOWS\system32\printer.exe - DeletedC:\WINDOWS\system32\spoolvs.exe - DeletedFolder C:\Documents and Settings\All Users\Documents\Settings - RemovedRemoving Temp FilesADS Check : Final Check :catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-10-02 02:03:30Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ...scanning hidden services & system hive ...scanning hidden registry entries ...scanning hidden files ...scan completed successfullyhidden processes: 0hidden services: 0hidden files: 0Remaining Services :Authorized Application Key Export:[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\Family Computer\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Family Computer\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019""%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\Family Computer\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Family Computer\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\Administrator\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Administrator\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\Family Computer\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Family Computer\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019""%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\Family Computer\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Family Computer\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019""C:\\Documents and Settings\\Administrator\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\Administrator\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"Remaining Files :File Backups: - C:\SDFix\backups\backups.zipFiles with Hidden Attributes :Fri 11 Apr 2008 37,888 A..H. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005308.exe"Fri 11 Apr 2008 37,888 A..H. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005310.exe"Fri 11 Apr 2008 22,016 A.SH. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005339.dll"Thu 10 Apr 2008 15,505 A..H. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005367.exe"Thu 3 Apr 2008 46,080 A..H. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005577.exe"Thu 3 Apr 2008 47,104 A..H. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005578.exe"Thu 3 Apr 2008 35,840 A..H. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005581.exe"Thu 3 Apr 2008 35,840 A..H. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005586.exe"Wed 9 Apr 2008 30,208 A..H. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005600.exe"Wed 9 Apr 2008 15,505 A..H. --- "C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005608.exe"Mon 29 Sep 2008 19,174 ..SHR --- "C:\WINDOWS\Installer\{6a9593c3-a96f-406a-bcd6-5a547a09b58e}\AlrtSys.dll"Mon 29 Sep 2008 23,118 ..SHR --- "C:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dll"Finished! Quote Link to post Share on other sites
cdavfrew Posted October 2, 2008 Report Share Posted October 2, 2008 (edited) Hey sarahwPlease boot into safe mode and run Combo-Fix.exe from there once more. Post the ComboFix log here.After that, try doing a scan with SuperAntispyware in safe mode again. If it still doesn't work, do it in normal mode. Post the log here.Best Regards Edited October 2, 2008 by cdavfrew Quote Link to post Share on other sites
sarahw Posted October 3, 2008 Author Report Share Posted October 3, 2008 Hi,I feel that we are going in circles with the same stuff. Can't we actually fix it instead of running programs? Quote Link to post Share on other sites
cdavfrew Posted October 4, 2008 Report Share Posted October 4, 2008 (edited) Hey sarahwPlease note that running programs is what will fix this problem. To fix it manually will take a long time.Just do this one more step: run SuperAntispyware in safe mode again, and then post the log here. It seems that some of the malware still remains stuck on your computer, and I need to know which. This will allow for the most thorough cleanup of your computer, instead of directly fixing using online scanners and such. Best Regards Edited October 4, 2008 by cdavfrew Quote Link to post Share on other sites
sarahw Posted October 4, 2008 Author Report Share Posted October 4, 2008 Hi,What does it mean: WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!?Here are the Combofix and SAS logs in Safe Mode:ComboFix 08-09-28.03 - Administrator 2008-10-04 16:33:39.10 - NTFSx86 MINIMALMicrosoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.854 [GMT -7:00]Running from: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exeWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exeC:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exeC:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\findfast.exeC:\WINDOWS\shell.exeC:\WINDOWS\system32\printer.exeC:\WINDOWS\system32\spoolvs.exe.((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 ))))))))))))))))))))))))))))))).2008-10-02 01:51 . 2008-10-02 01:51 <DIR> d-------- C:\WINDOWS\ERUNT2008-09-30 23:47 . 2008-09-30 23:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\SUPERAntiSpyware.com2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com2008-09-30 23:23 . 2008-09-30 23:23 319,488 --a------ C:\WINDOWS\drxinstp.exe2008-09-30 21:02 . 2008-10-02 02:04 <DIR> d-------- C:\SDFix2008-09-29 08:25 . 2008-09-29 08:25 29 --a------ C:\WINDOWS\system32\teytgohg.tmp2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\WINDOWS\Cache2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\Program Files\MSN Messenger2008-09-29 08:01 . 2008-09-29 08:02 491,520 --a------ C:\WINDOWS\msado15.dll2008-09-29 08:00 . 2008-09-29 08:00 152,920 --a------ C:\WINDOWS\system32\vghd.scr2008-09-29 07:58 . 2008-09-29 08:02 <DIR> d-------- C:\Program Files\vghd2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\pointgo2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\Al Roker Vs. Star Jones Boxing2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\vghd2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\WINDOWS\system32\iDlo072008-09-29 07:56 . 2008-09-30 23:19 <DIR> d-------- C:\Temp2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\Program Files\OINAnalytics2008-09-29 07:56 . 2008-09-29 07:56 13,312 --a------ C:\WINDOWS\system32\tupdfim.dll2008-09-29 07:56 . 2008-09-29 07:56 13,312 --a------ C:\WINDOWS\system32\papdfim.dll2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\QuickTime2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iTunes2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iPod2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Bonjour2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\Apple Computer2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}2008-09-29 07:41 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll2008-09-29 07:41 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Common Files\Apple2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Program Files\Apple Software Update2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple2008-09-29 07:39 . 2008-10-02 02:16 <DIR> d-------- C:\Program Files\FlashGet2008-09-28 01:49 . 2008-09-28 01:49 <DIR> d-------- C:\Program Files\Matrix-ks2008-09-28 01:38 . 2008-09-28 01:38 <DIR> d-------- C:\_OTMoveIt2008-09-20 23:35 . 2008-09-30 23:20 <DIR> d-------- C:\Documents and Settings\Family Computer2008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\WINDOWS\13672008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\Program Files\MWGuide2008-09-14 17:32 . 2008-09-29 08:00 415 --a------ C:\DelPI.bat2008-09-07 13:02 . 2008-10-02 01:48 <DIR> d-------- C:\Documents and Settings\Administrator2008-09-07 12:44 . 2008-09-07 12:47 <DIR> d-------- C:\rsit2008-09-07 12:44 . 2008-09-07 12:45 <DIR> d-------- C:\Program Files\trend micro2008-09-07 07:05 . 2008-09-07 07:05 153,404 --a------ C:\WINDOWS\system32\g15.exe2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts2008-09-05 08:48 . 2008-09-05 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-09-15 00:35 --------- d-----w C:\Program Files\InCtrl52008-08-31 07:53 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll2008-08-29 05:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe2008-08-25 02:19 --------- d-----w C:\Program Files\NOS2008-08-24 08:21 --------- d-----w C:\Program Files\Common Files\Adobe AIR2008-08-24 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS2008-08-24 08:20 --------- d-----w C:\Program Files\Common Files\Adobe2008-08-20 13:35 --------- d-----w C:\Program Files\Google2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll.((((((((((((((((((((((((((((( snapshot@2008-09-29_ 7.51.57.53 ))))))))))))))))))))))))))))))))))))))))).+ 2008-09-29 15:02:10 10,138 ----a-w C:\WINDOWS\1367\sub.dat+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE+ 2008-10-02 08:51:39 708,608 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT+ 2008-10-02 08:51:39 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE+ 2008-10-02 08:51:34 708,608 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT+ 2008-10-02 08:51:34 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat+ 2008-09-29 15:24:59 19,174 --sh--r C:\WINDOWS\Installer\{6a9593c3-a96f-406a-bcd6-5a547a09b58e}\AlrtSys.dll+ 2008-10-01 06:37:57 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe+ 2008-10-01 06:37:57 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe+ 2008-09-29 15:25:34 23,118 --sh--r C:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dll+ 2001-08-28 21:00:00 4,224 -c--a-w C:\WINDOWS\system32\dllcache\beep.sys+ 2008-02-24 07:47:48 32,768 ----a-w C:\WINDOWS\system32\iDlo07\iDlo071084.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]"SMSERIALWORKERSTARTER"="C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exe" [2008-02-17 26112]"SoundMan"="SOUNDMAN.EXE" [2005-02-23 C:\WINDOWS\SOUNDMAN.EXE][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]C:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-09-29 11875648][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\FlashGet\\flashget.exe"=S1 b7a36ed3;b7a36ed3;C:\WINDOWS\system32\drivers\b7a36ed3.sys [ ]S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ].Contents of the 'Scheduled Tasks' folder.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-10-04 16:34:55Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.Completion time: 2008-10-04 16:36:04ComboFix-quarantined-files.txt 2008-10-04 23:36:01ComboFix2.txt 2008-10-01 06:25:41ComboFix3.txt 2008-09-29 14:53:16Pre-Run: 75,455,602,688 bytes freePost-Run: 75,457,363,968 bytes free152 --- E O F --- 2008-09-19 02:52:21SUPERAntiSpyware Scan Loghttp://www.superantispyware.comGenerated 10/04/2008 at 04:45 PMApplication Version : 4.21.1004Core Rules Database Version : 3555Trace Rules Database Version: 1543Scan type : Quick ScanTotal Scan Time : 00:08:11Memory items scanned : 152Memory threats detected : 0Registry items scanned : 250Registry threats detected : 15File items scanned : 2831File threats detected : 31Adware.Tracking Cookie C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\administrator@kontera[2].txt C:\Documents and Settings\Administrator\Cookies\administrator@revenue[2].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@imrworldwide[2].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@kontera[2].txt C:\Documents and Settings\Family Computer\Cookies\[email protected][1].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@serving-sys[2].txt C:\Documents and Settings\Family Computer\Cookies\[email protected][2].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@atdmt[2].txt C:\Documents and Settings\Family Computer\Cookies\family_computer@overture[1].txt C:\WINDOWS\system32\config\systemprofile\Cookies\system@atdmt[2].txt C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txtAdware.ClickSpring/Yazzle HKCR\YazzleSudokuGame HKCR\YazzleSudokuGame\DefaultIcon HKCR\YazzleSudokuGame\shell HKCR\YazzleSudokuGame\shell\Open HKCR\YazzleSudokuGame\shell\Open\command HKLM\Software\Yazzle Sudoku HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YazzleSudoku HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YazzleSudoku#DisplayName HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YazzleSudoku#UninstallString C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\SNOWBALLWARSINSTALLER.EXE C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\SUDOKUINSTALLER.EXETrojan.SecurityCenter/Fake C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\BACKUPS\BACKUP-20080930-203259-995.DLLTrojan.Downloader-FuP/TMP C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\NEW FOLDE2\23.TMP C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\NEW FOLDE2\9.TMPTrojan.Malware C:\DOCUMENTS AND SETTINGS\FAMILY COMPUTER\DESKTOP\NEW FOLDER\NEW FOLDER\MW_INSTALL.EXETrojan.Unclassified/Loader-Service C:\WINDOWS\INSTALLER\{D2AD16E3-FA3A-4C0B-9B24-22018764CC8B}\ZIP.DLL Quote Link to post Share on other sites
cdavfrew Posted October 4, 2008 Report Share Posted October 4, 2008 Wonderful. I have all the information I need. There are still a few malware files remaining on your computer, and Malwarebytes will fix them. I will answer all your questions later. It seems that you used to have Malwarebytes. If you have already uninstalled it, please follow the instructions regarding downloading and installing it.. Please download Malwarebytes' Anti-Malware to your desktop.• Double-click mbam-setup.exe and follow the prompts to install the program.• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.• If an update is found, it will download and install the latest version.• Once the program has loaded, select Perform full scan, then click Scan.• When the scan is complete, click OK, then Show Results to view the results.• Be sure that everything is checked, and click Remove Selected. << Do Not Forget This!!• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt• Please post contents of that file in your next reply.Best Regards PS: Sorry if I'm dragging this too long... I just wanted to be sure of the malware's behavior. As for installing the recovery console, I didn't think that was necessary. Quote Link to post Share on other sites
sarahw Posted October 4, 2008 Author Report Share Posted October 4, 2008 Malwarebytes' Anti-Malware 1.28Database version: 1227Windows 5.1.2600 Service Pack 22008-10-05 08:19:45mbam-log-2008-10-05 (08-19-45).txtScan type: Full Scan (C:\|)Objects scanned: 51230Time elapsed: 12 minute(s), 39 second(s)Memory Processes Infected: 1Memory Modules Infected: 0Registry Keys Infected: 8Registry Values Infected: 3Registry Data Items Infected: 0Folders Infected: 1Files Infected: 395Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:C:\QooBox\Quarantine\C\Documents and Settings\Administrator\Start Menu\Programs\Startup\findfast.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\Documents and Settings\Family Computer\ftpdll.dll.vir (Trojan.Dropper) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\Documents and Settings\Family Computer\Application Data\printer.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\Documents and Settings\Family Computer\Start Menu\Programs\Startup\findfast.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\Documents and Settings\LocalService\ftpdll.dll.vir (Trojan.Dropper) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\Program Files\tmp0.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\Program Files\tmp1.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\Program Files\tmp2.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\Program Files\tmp3.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\9129837.exe.vir (Spyware.Papras) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\new_drv.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\shell.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\awtqooOG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\bjgpiiab.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\blphc7ocj0en5t.scr.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\cjpniv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\printer.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\sdgrhuwu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\spoolvs.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\usgfbxrx.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\vuhnsuof.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\wind32.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\xtdxqhoc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\ftpdll.dll.vir (Trojan.Dropper) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\geBtTMec.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\ivyjjoiq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\ixidrheu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\jarplatb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\jugqevxg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\lekifewh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\marwin32.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\nyqupthp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\opeinkgy.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\b7a36ed3.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0000009.dll (Trojan.Qhost) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0002004.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0002009.dll (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0002010.dll (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0002018.cpl (Rouge.ISecurity) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0002020.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0003039.cpl (Rouge.ISecurity) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005085.exe (Spyware.Papras) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005088.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005092.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005095.dll (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005096.dll (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005097.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005098.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005099.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005110.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005111.dll (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005113.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005114.dll (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005116.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005117.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005118.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005119.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005121.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005125.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005129.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005130.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005132.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005133.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005134.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005135.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005136.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005137.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005139.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005140.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005144.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005145.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005146.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\A0005147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-1.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-2.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-3.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-4.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-5.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP1\snapshot\MFEX-6.DAT (Trojan.Qhost) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005232.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005233.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005235.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005240.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005241.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005242.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005243.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005250.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005251.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005252.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005257.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005258.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005259.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005265.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005266.exe (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005783.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005784.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005785.dll (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005786.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005787.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005788.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005272.exe (Rogue.Installer) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005286.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005297.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005299.exe (Adware.PurityScan) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005301.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005302.exe (Proxy.Xorpix) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005231.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005249.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005303.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005321.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005339.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005393.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005411.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005429.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005447.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005465.exe (Worm.Socks) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005483.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005500.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005305.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005308.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005309.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005310.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005315.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005319.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005320.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005322.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005323.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005325.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005327.exe (Trojan.Clicker) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005329.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005333.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005334.dll (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005336.dll (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005337.exe (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005338.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005340.dll (Adware.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005341.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005343.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005344.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005345.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005346.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005347.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005348.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005349.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005350.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005351.dll (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005352.exe (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005353.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005354.scr (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005355.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005356.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005358.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005359.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005362.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005363.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005365.dll (Spyware.Delf) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005366.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005367.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005368.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005371.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005372.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005373.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005374.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005376.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005381.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005383.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005385.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005387.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005394.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005395.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005397.exe (Backdoor.PcClient) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005398.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005401.exe (Spyware.Papras) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005402.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005404.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005406.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005407.dll (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005410.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005412.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005413.exe (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005414.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005415.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005417.sys (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005419.dll (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005422.exe (Worm.Socks) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005424.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005425.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005427.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005431.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005432.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005434.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005436.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005439.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005440.exe (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005442.dll (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005444.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005451.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005452.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005453.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005454.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005455.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005456.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005457.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005458.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005459.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005460.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005461.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005463.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005464.exe (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005466.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005468.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005473.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005475.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005477.exe (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005481.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005482.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005484.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005485.dll (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005488.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005489.dll (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005490.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005491.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005492.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005494.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005495.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005496.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005497.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005498.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005499.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005503.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005509.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005512.dll (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005514.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005522.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005523.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005525.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005526.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005527.exe (Spyware.Zbot) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005529.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005530.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005531.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005532.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005537.exe (Proxy.Xorpix) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005539.exe (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005540.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005541.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005542.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005544.exe (Rogue.Installer) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005547.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005549.dll (Adware.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005551.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005553.dll (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005555.exe (Backdoor.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005556.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005558.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005560.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005561.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005562.exe (Adware.PurityScan) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005563.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005564.sys (Backdoor.Rustock) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005565.dll (Adware.PurityScan) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005566.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005567.exe (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005568.exe (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005569.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005574.exe (Adware.Trafficsol) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005575.exe (Spyware.Banker) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005576.exe (Spyware.Banker) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005577.exe (Spyware.Banker) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005582.exe (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005587.dll (Spyware.Finanz) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005588.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005591.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005593.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005597.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005602.dll (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005603.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005604.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005609.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005610.dll (Spyware.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005612.dll (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005613.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005614.sys (Rootkit.Spambot) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005617.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005618.exe (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005620.cpl (Rogue.ISecurity) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005621.dll (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005625.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005627.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005628.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005630.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005632.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005635.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005637.sys (Rootkit.Spambot) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005638.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005639.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005640.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005645.exe (Proxy.Xorpix) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005647.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005648.exe (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005650.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005653.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005654.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005656.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005657.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005658.sys (Rootkit.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005660.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005661.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005664.exe (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005665.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005667.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005668.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005672.exe (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005674.exe (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005677.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005678.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005679.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005682.exe (Trojan.Clicker) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005683.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005684.exe (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005687.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005692.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005693.exe (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005695.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005697.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005699.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005704.exe (Adware.ZeroSearch) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005707.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005710.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005715.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005716.dll (Trojan.Zlob) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005717.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005722.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005726.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005731.dll (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005733.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005734.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005735.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005736.cpl (Rouge.ISecurity) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005737.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005738.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005739.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005740.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005741.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005742.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005743.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005744.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005745.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005746.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005747.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005748.exe (Trojan.Dropper) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005749.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005751.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005752.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005753.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005754.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005755.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005756.dll (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005757.dll (Trojan.BHO) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005759.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005764.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005828.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005829.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005830.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005831.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005536.exe (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005554.exe (Trojan.Downloader) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005608.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005644.exe (Trojan.Pakes) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005662.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005732.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005750.dll (Trojan.Vundo) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005778.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005836.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005837.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005838.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005842.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005843.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005844.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005845.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005852.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005853.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.C:\System Volume Information\_restore{7E0D4878-4773-4554-882D-61DDA4F75AB4}\RP2\A0005891.dll (Rouge.ISecurity) -> Quarantined and deleted successfully. Quote Link to post Share on other sites
cdavfrew Posted October 5, 2008 Report Share Posted October 5, 2008 Hey sarahwFirst, I want you to enable the viewing of hidden files.• Click Start. • Open My Computer. • Select the Tools menu and click Folder Options. • Select the View Tab. • Under the Hidden files and folders heading select Show hidden files and folders. • Uncheck the Hide protected operating system files (recommended) option. • Click Yes to confirm. • Click OK.Next, please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.Open Notepad and copy/paste the text in the code box below into it:File::C:\WINDOWS\system32\tupdfim.dllC:\WINDOWS\system32\papdfim.dllC:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exeC:\WINDOWS\system32\teytgohg.tmpC:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dllRegistry::[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SMSERIALWORKERSTARTER"=-Save this as CFScript.txt in the same folder as ComboFix.Then drag the CFScript.txt into Combo-Fix.exe.This will start ComboFix again. After reboot, (in case it asks to reboot), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).Do not click on the ComoboFix window, as it may cause it to stall.After that, please locate the following files:C:\WINDOWS\system32\dllcache\beep.sysC:\WINDOWS\system32\drivers\b7a36ed3.sysC:\WINDOWS\system32\iDlo07\iDlo071084.exeC:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exeC:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exeUpload each of these files to VirusTotal.com, and post the results here.Also post a fresh HijackThis log.Any more problems with your computer?Best Regards Quote Link to post Share on other sites
sarahw Posted October 5, 2008 Author Report Share Posted October 5, 2008 ComboFix 08-09-27.06 - Family Computer 2008-10-05 15:03:31.11 - NTFSx86Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.734 [GMT -7:00]Running from: C:\Documents and Settings\Family Computer\Desktop\ComboFix.exeCommand switches used :: C:\Documents and Settings\Family Computer\Desktop\CFScript.txt * Created a new restore pointWARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!FILE ::C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exeC:\WINDOWS\Installer\{d2ad16e3-fa3a-4c0b-9b24-22018764cc8b}\zip.dllC:\WINDOWS\system32\papdfim.dllC:\WINDOWS\system32\teytgohg.tmpC:\WINDOWS\system32\tupdfim.dll.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).C:\Documents and Settings\Family Computer\Desktop\New Folder\winstrse.exeC:\WINDOWS\system32\papdfim.dllC:\WINDOWS\system32\teytgohg.tmpC:\WINDOWS\system32\tupdfim.dll.((((((((((((((((((((((((( Files Created from 2008-09-05 to 2008-10-05 ))))))))))))))))))))))))))))))).2008-10-04 17:45 . 2008-10-04 17:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware2008-10-04 17:45 . 2008-10-04 17:45 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\Malwarebytes2008-10-04 17:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys2008-10-04 17:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys2008-10-04 16:33 . 2008-10-04 16:36 <DIR> d-------- C:\Combo-Fix2008-10-02 01:51 . 2008-10-02 01:51 <DIR> d-------- C:\WINDOWS\ERUNT2008-09-30 23:47 . 2008-09-30 23:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\SUPERAntiSpyware.com2008-09-30 23:37 . 2008-09-30 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com2008-09-30 23:23 . 2008-09-30 23:23 319,488 --a------ C:\WINDOWS\drxinstp.exe2008-09-30 21:02 . 2008-10-02 02:04 <DIR> d-------- C:\SDFix2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\WINDOWS\Cache2008-09-29 08:01 . 2008-09-29 08:01 <DIR> d-------- C:\Program Files\MSN Messenger2008-09-29 08:01 . 2008-09-29 08:02 491,520 --a------ C:\WINDOWS\msado15.dll2008-09-29 08:00 . 2008-09-29 08:00 152,920 --a------ C:\WINDOWS\system32\vghd.scr2008-09-29 07:58 . 2008-09-29 08:02 <DIR> d-------- C:\Program Files\vghd2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\pointgo2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Program Files\Al Roker Vs. Star Jones Boxing2008-09-29 07:58 . 2008-09-29 07:58 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\vghd2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\WINDOWS\system32\iDlo072008-09-29 07:56 . 2008-09-30 23:19 <DIR> d-------- C:\Temp2008-09-29 07:56 . 2008-09-29 07:56 <DIR> d-------- C:\Program Files\OINAnalytics2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\QuickTime2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iTunes2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\iPod2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Bonjour2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\Family Computer\Application Data\Apple Computer2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer2008-09-29 07:41 . 2008-09-29 07:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}2008-09-29 07:41 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll2008-09-29 07:41 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE2008-09-29 07:40 . 2008-09-29 07:41 <DIR> d-------- C:\Program Files\Common Files\Apple2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Program Files\Apple Software Update2008-09-29 07:40 . 2008-09-29 07:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple2008-09-29 07:39 . 2008-10-05 11:30 <DIR> d-------- C:\Program Files\FlashGet2008-09-28 01:49 . 2008-09-28 01:49 <DIR> d-------- C:\Program Files\Matrix-ks2008-09-28 01:38 . 2008-09-28 01:38 <DIR> d-------- C:\_OTMoveIt2008-09-20 23:35 . 2008-09-30 23:20 <DIR> d-------- C:\Documents and Settings\Family Computer2008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\WINDOWS\13672008-09-14 17:33 . 2008-09-30 23:23 <DIR> d-------- C:\Program Files\MWGuide2008-09-14 17:32 . 2008-09-29 08:00 415 --a------ C:\DelPI.bat2008-09-07 13:02 . 2008-10-02 01:48 <DIR> d-------- C:\Documents and Settings\Administrator2008-09-07 12:44 . 2008-09-07 12:47 <DIR> d-------- C:\rsit2008-09-07 12:44 . 2008-09-07 12:45 <DIR> d-------- C:\Program Files\trend micro2008-09-07 07:05 . 2008-09-07 07:05 153,404 --a------ C:\WINDOWS\system32\g15.exe2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts2008-09-05 08:48 . 2008-09-05 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-09-15 00:35 --------- d-----w C:\Program Files\InCtrl52008-08-31 07:53 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll2008-08-29 05:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe2008-08-25 02:19 --------- d-----w C:\Program Files\NOS2008-08-24 08:21 --------- d-----w C:\Program Files\Common Files\Adobe AIR2008-08-24 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS2008-08-24 08:20 --------- d-----w C:\Program Files\Common Files\Adobe2008-08-20 13:35 --------- d-----w C:\Program Files\Google2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll.((((((((((((((((((((((((((((( snapshot@2008-09-29_ 7.51.57.53 ))))))))))))))))))))))))))))))))))))))))).+ 2008-09-29 15:02:10 10,138 ----a-w C:\WINDOWS\1367\sub.dat+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE+ 2008-10-02 08:51:39 708,608 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT+ 2008-10-02 08:51:39 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat+ 2008-08-07 23:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE+ 2008-10-02 08:51:34 708,608 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT+ 2008-10-02 08:51:34 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat+ 2008-09-29 15:24:59 19,174 --sh--r C:\WINDOWS\Installer\{6a9593c3-a96f-406a-bcd6-5a547a09b58e}\AlrtSys.dll+ 2008-10-01 06:37:57 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe+ 2008-10-01 06:37:57 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe+ 2001-08-28 21:00:00 4,224 -c--a-w C:\WINDOWS\system32\dllcache\beep.sys+ 2008-02-24 07:47:48 32,768 ----a-w C:\WINDOWS\system32\iDlo07\iDlo071084.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]"MWGuide"="C:\Program Files\MWGuide\MWGuide.exe" [2007-04-17 229376][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]"SoundMan"="SOUNDMAN.EXE" [2005-02-23 C:\WINDOWS\SOUNDMAN.EXE][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]C:\Documents and Settings\Family Computer\Start Menu\Programs\Startup\VirtuaGirl HD.LNK - C:\Program Files\vghd\vghd.exe [2008-09-29 11875648][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="C:\\Program Files\\FlashGet\\flashget.exe"=S1 b7a36ed3;b7a36ed3;C:\WINDOWS\system32\drivers\b7a36ed3.sys [ ]S3 restore;restore;C:\WINDOWS\system32\drivers\restore.sys [ ].Contents of the 'Scheduled Tasks' folder.**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-10-05 15:04:26Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... **************************************************************************.Completion time: 2008-10-05 15:06:07ComboFix-quarantined-files.txt 2008-10-05 22:05:05ComboFix2.txt 2008-10-04 23:36:05ComboFix3.txt 2008-10-01 06:25:41ComboFix4.txt 2008-09-29 14:53:16Pre-Run: 75,398,590,464 bytes freePost-Run: 75,404,148,736 bytes free158 --- E O F --- 2008-09-19 02:52:21 Quote Link to post Share on other sites
sarahw Posted October 5, 2008 Author Report Share Posted October 5, 2008 I cannot access Virustotal on this machine.But here are the results:iDlo071084.exe[ scan result ]AhnLab-V3 2008.10.3.2/20081003 found nothingAntiVir 7.8.1.34/20081004 found [TR/Dldr.VB.ceh]Authentium 5.1.0.4/20081004 found [W32/Downldr2.BIIB]Avast 4.8.1248.0/20081004 found [Win32:VB-HMZ]AVG 8.0.0.161/20081004 found [Downloader.Generic6.AKTI]BitDefender 7.2/20081005 found [Trojan.Generic.132631]CAT-QuickHeal 9.50/20081004 found [TrojanDownloader.VB.cgu]ClamAV 0.93.1/20081004 found nothingDrWeb 4.44.0.09170/20081005 found [Trojan.DownLoader.24715]eSafe 7.0.17.0/20081002 found [Win32.VB.ceh]eTrust-Vet 31.6.6129/20081004 found [Win32/VMalum.CCNX]Ewido 4.0/20081004 found [Downloader.VB.ceh]F-Prot 4.4.4.56/20081004 found [W32/Downldr2.BIIB]F-Secure 8.0.14332.0/20081005 found [Trojan-Downloader.Win32.VB.ceh]Fortinet 3.113.0.0/20081004 found nothingGData 19/20081005 found [Trojan.Generic.132631]Ikarus T3.1.1.34.0/20081005 found [Trojan-Downloader.Win32.VB.ceh]K7AntiVirus 7.10.484/20081004 found [Trojan-Downloader.Win32.VB.ceh]Kaspersky 7.0.0.125/20081005 found [Trojan-Downloader.Win32.VB.ceh]McAfee 5398/20081004 found [Generic Downloader.s]Microsoft 1.4005/20081005 found [TrojanDownloader:Win32/VB.AAF]NOD32 3495/20081004 found [a variant of Win32/TrojanDownloader.VB.AWJ]Norman 5.80.02/20081003 found [W32/DLoader.HPLF]Panda 9.0.0.4/20081004 found [Trj/Downloader.PLF]PCTools 4.4.2.0/20081004 found [Trojan.DL.VB.DZTL]Prevx1 V2/20081005 found nothingRising 20.63.62.00/20080928 found [Trojan.Win32.VB.fuj]SecureWeb-Gateway 6.7.6/20081005 found [Trojan.Dldr.VB.ceh]Sophos 4.34.0/20081004 found [Mal/Generic-A]Sunbelt 3.1.1675.1/20080927 found [Trojan-Downloader.VB.ceh]Symantec 10/20081005 found [Downloader]TheHacker 6.3.1.0.101/20081004 found nothingTrendMicro 8.700.0.1004/20081003 found nothingVBA32 3.12.8.6/20081004 found [Trojan-Downloader.Win32.VB.ceh]ViRobot 2008.10.4.1406/20081004 found [Trojan.Win32.Downloader.32768.BZ]VirusBuster 4.5.11.0/20081004 found [Trojan.DL.VB.DZTL]IconCDDCBBF15.exe[ scan result ]AhnLab-V3 2008.10.3.2/20081003 found nothingAntiVir 7.8.1.34/20081004 found nothingAuthentium 5.1.0.4/20081004 found nothingAvast 4.8.1248.0/20081004 found nothingAVG 8.0.0.161/20081004 found nothingBitDefender 7.2/20081005 found nothingCAT-QuickHeal 9.50/20081004 found nothingClamAV 0.93.1/20081004 found nothingDrWeb 4.44.0.09170/20081005 found nothingeSafe 7.0.17.0/20081002 found nothingeTrust-Vet 31.6.6129/20081004 found nothingEwido 4.0/20081004 found nothingF-Prot 4.4.4.56/20081004 found nothingF-Secure 8.0.14332.0/20081005 found nothingFortinet 3.113.0.0/20081004 found nothingGData 19/20081005 found nothingIkarus T3.1.1.34.0/20081005 found nothingK7AntiVirus 7.10.484/20081004 found nothingKaspersky 7.0.0.125/20081005 found nothingMcAfee 5398/20081004 found nothingMicrosoft 1.4005/20081005 found nothingNOD32 3495/20081004 found nothingNorman 5.80.02/20081003 found nothingPanda 9.0.0.4/20081004 found nothingPCTools 4.4.2.0/20081004 found nothingPrevx1 V2/20081005 found nothingRising 20.63.62.00/20080928 found nothingSecureWeb-Gateway 6.7.6/20081005 found nothingSophos 4.34.0/20081004 found nothingSunbelt 3.1.1668.1/20080924 found nothingSymantec 10/20081005 found nothingTheHacker 6.3.1.0.101/20081004 found nothingTrendMicro 8.700.0.1004/20081003 found nothingVBA32 3.12.8.6/20081004 found nothingViRobot 2008.10.4.1406/20081004 found nothingVirusBuster 4.5.11.0/20081004 found nothingIconCDDCBBF13.exe[ scan result ]AhnLab-V3 2008.10.3.2/20081003 found nothingAntiVir 7.8.1.34/20081004 found nothingAuthentium 5.1.0.4/20081004 found nothingAvast 4.8.1248.0/20081004 found nothingAVG 8.0.0.161/20081004 found nothingBitDefender 7.2/20081005 found nothingCAT-QuickHeal 9.50/20081004 found nothingClamAV 0.93.1/20081004 found nothingDrWeb 4.44.0.09170/20081005 found nothingeSafe 7.0.17.0/20081002 found nothingeTrust-Vet 31.6.6129/20081004 found nothingEwido 4.0/20081004 found nothingF-Prot 4.4.4.56/20081004 found nothingF-Secure 8.0.14332.0/20081005 found nothingFortinet 3.113.0.0/20081004 found nothingGData 19/20081005 found nothingIkarus T3.1.1.34.0/20081005 found nothingK7AntiVirus 7.10.484/20081004 found nothingKaspersky 7.0.0.125/20081005 found nothingMcAfee 5398/20081004 found nothingMicrosoft 1.4005/20081005 found nothingNOD32 3495/20081004 found nothingNorman 5.80.02/20081003 found nothingPanda 9.0.0.4/20081004 found nothingPCTools 4.4.2.0/20081004 found nothingPrevx1 V2/20081005 found nothingRising 20.63.62.00/20080928 found nothingSecureWeb-Gateway 6.7.6/20081005 found nothingSophos 4.34.0/20081004 found nothingSunbelt 3.1.1668.1/20080924 found nothingSymantec 10/20081005 found nothingTheHacker 6.3.1.0.101/20081004 found nothingTrendMicro 8.700.0.1004/20081003 found nothingVBA32 3.12.8.6/20081004 found nothingViRobot 2008.10.4.1406/20081004 found nothingVirusBuster 4.5.11.0/20081004 found nothingI'm still waiting for the results on beep.sysThe others didn't exist Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.